<?php
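	// Admin-only page: anyone without a non-empty admin session flag is sent back to the index.
	if(!isset($_SESSION['member_is_admin']) || $_SESSION['member_is_admin'] == ''){
		header("Location: index.php");
		// header() only queues the redirect; without exit the rest of this script,
		// including the member insert/update handlers further down, would still run
		// for a visitor who is not an admin.
		exit;
	}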
	
	//--
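	$xtpl_main->assign ( "page_title", "Member Task" );
	
	//-- Defaults for the "add member" form: status box ticked, form submits as a new save.
	$memberStatusIsChecked = true;
	$frmActValue = 'doMemberSave';
	
	//-- Edit mode: load the member named by ?member_id= and pre-fill the form with it.
	if(isset($_GET['member_id'])){
		// member_id comes straight from the query string. Reject non-scalar input and
		// escape the value with the connection-aware escaper before it is placed inside
		// the quoted SQL literal; the original concatenated it into the query unescaped.
		$resultFetchMemberInformation = false;
		if(is_scalar($_GET['member_id'])){
			$resultFetchMemberInformation = mysql_query("SELECT * FROM member WHERE member_id = '".mysql_real_escape_string((string) $_GET['member_id'])."'");
		}
		// A failed query (false) is treated the same as "no such member".
		if($resultFetchMemberInformation === false || mysql_num_rows($resultFetchMemberInformation) < 1){
			$xtpl->parse('center.member_task_error');
		}
		else {
			$rowFetchMemberInformation = mysql_fetch_array($resultFetchMemberInformation);
			if($rowFetchMemberInformation['member_status'] == '0'){
				$memberStatusIsChecked = FALSE;
			}
			$frmActValue = 'doMemberUpdate';
			// NOTE(review): these values are handed to the template exactly as stored. If the
			// template prints them into HTML without escaping, wrap each one in
			// htmlspecialchars($value, ENT_QUOTES) here; confirm how the template handles it.
			$xtpl->assign('member_username', $rowFetchMemberInformation['member_username']);
			$xtpl->assign('member_address', $rowFetchMemberInformation['member_address']);
			$xtpl->assign('member_mail', $rowFetchMemberInformation['member_mail']);
			$xtpl->assign('member_phone', $rowFetchMemberInformation['member_phone']);
			// Use the id of the row that was actually loaded rather than echoing the raw
			// request parameter back into the page.
			$xtpl->assign('editing_member_id', $rowFetchMemberInformation['member_id']);
		}
	}
	
	//-- Publish the form state (status checkbox and which action the form posts) to the template.
	if($memberStatusIsChecked == true){
		$xtpl->assign('memberStatusIsChecked', 'checked="checked"');
	}
	$xtpl->assign('frmActValue', $frmActValue);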
	
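	//-- Save: handle the add-member and edit-member form submissions.
	// NOTE(review): these handlers change member accounts, so they are only safe if the
	// admin check at the top of this file stops execution for non-admins (it must exit
	// after sending its redirect); confirm that. No anti-CSRF token is checked in the
	// code visible here either.
	if(isset($_POST['frmAct'])){
		// Read every expected field once; a missing or non-scalar field becomes ''.
		$memberInput = array();
		foreach(array('member_username', 'member_address', 'member_mail', 'member_phone', 'member_status', 'member_id', 'member_new_password') as $memberFieldName){
			$memberInput[$memberFieldName] = (isset($_POST[$memberFieldName]) && is_scalar($_POST[$memberFieldName])) ? (string) $_POST[$memberFieldName] : '';
		}
		// Escape with the connection-aware escaper. The original used addslashes(), which
		// ignores the connection character set, and left member_status and member_id
		// completely unescaped inside the query strings.
		$memberSql = array();
		foreach(array('member_username', 'member_address', 'member_mail', 'member_phone', 'member_status', 'member_id') as $memberFieldName){
			$memberSql[$memberFieldName] = mysql_real_escape_string($memberInput[$memberFieldName]);
		}
		// NOTE(review): md5() is a fast, unsalted hash and is not suitable for storing
		// passwords. Moving to password_hash()/password_verify() has to be done together
		// with the login code that checks this column, which is not visible here.
	
		if($_POST['frmAct'] == 'doMemberSave'){
			if(checkMemberName($memberInput['member_username'], '') == true){
				// NOTE(review): a blank member_new_password is still stored (as md5('')) on
				// insert; consider rejecting it once a suitable error block exists in the template.
				mysql_query("INSERT INTO member (member_username, member_address, member_mail, member_phone, member_status, member_password) VALUES ('".$memberSql['member_username']."', '".$memberSql['member_address']."', '".$memberSql['member_mail']."', '".$memberSql['member_phone']."', '".$memberSql['member_status']."', '".md5($memberInput['member_new_password'])."')");
				header("Location: ?mod=admin&act=member");
				// Stop here so nothing else is rendered after the redirect has been queued.
				exit;
			}else{
				$xtpl->parse('center.member_username_existed');
			}
		}
		if($_POST['frmAct'] == 'doMemberUpdate'){
			if(checkMemberName($memberInput['member_username'], $memberInput['member_id']) == true){
				// Only overwrite the password when a new one was typed. The original always
				// wrote md5() of the field, so saving the form with the password box left
				// blank silently replaced the member's password with the hash of ''.
				$memberPasswordClause = '';
				if($memberInput['member_new_password'] !== ''){
					$memberPasswordClause = ", member_password = '".md5($memberInput['member_new_password'])."'";
				}
				mysql_query("UPDATE member SET member_username = '".$memberSql['member_username']."', member_address = '".$memberSql['member_address']."', member_mail = '".$memberSql['member_mail']."', member_phone = '".$memberSql['member_phone']."', member_status = '".$memberSql['member_status']."'".$memberPasswordClause." WHERE member_id = '".$memberSql['member_id']."'");
				header("Location: ?mod=admin&act=member");
				// Stop here so nothing else is rendered after the redirect has been queued.
				exit;
			}else{
				$xtpl->parse('center.member_username_existed');
			}
		}
	}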
	
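	/**
	 * Report whether a username can be used without clashing with another member.
	 *
	 * Looks for rows in `member` with the given username. When $member_id is not
	 * empty, the row with that id is left out of the search, so a member who is
	 * being edited may keep their own name.
	 *
	 * @param string $memberName Username to look for.
	 * @param string $member_id  Id of the member being edited, or '' when adding a new one.
	 * @return bool true when no other row uses the name; false when one does, or
	 *              when the lookup itself failed.
	 */
	function checkMemberName($memberName, $member_id){
		// mysql_real_escape_string() honours the connection character set, which the
		// addslashes() calls used previously do not.
		$lookupSql = "SELECT member_username FROM member WHERE member_username = '".mysql_real_escape_string((string) $memberName)."'";
		if($member_id != ''){
			$lookupSql .= " AND member_id <> '".mysql_real_escape_string((string) $member_id)."'";
		}
	
		$rs = mysql_query($lookupSql);
		if($rs === false){
			// Fail closed: the original passed false on to mysql_num_rows(), which made a
			// failed query look like "name is free" and let a duplicate through.
			return false;
		}
	
		return mysql_num_rows($rs) < 1;
	}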
?>